Re: Session vanishes thru firewall / works on intranet

Carsten Heyl Wed, 1 Dec 1999 07:29:29 -0800
----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------


Some Firewalls allow something they call anomization, they
strip http headers, maybe the cookies are removed there?

You can test it the following way:
        - Activate request/response logging in jserv
          (don't know if response logging is possible, if
           not use a packet sniffer on the intranet)
        - make a request from ouside and see if the cookie is
          present. If the sniffer shows the cookie and it is not seen outside,
          you know, where to search.
        
An easy way to test from outside is via

telnet www.xxx.com
GET /servlet/xxx HTTP/1.0

>My servlet is unable to find the session when executed from outside the
>firewall, yet works when run from inside the firewall.  I'm running from the
>same machine, and the same Apache server is running the same servlet code in
>both cases ( jsdk 2.0; jserv 1.1b2; jvm 1.21 on Solaris ).  I didn't see
>anything in the faq that seemed to point in the right direction.  Jserv is
>supposed to be using cookies for session mgmt
>
>My initial servlet goes something like:
>
>       HttpSession distributorSession = _req.getSession( true ) ;
>       if ( distributorSession.isNew() ){
>               distributor = new Distributor() ;               
>               dmzID = distributor.getIDFromCookie( _req ) ; 
>               distributorSession.putValue( "this.data", distributor ) ;
>       }       
>       distributor = (Distributor)distributorSession.getValue( "this.data"
>) ;
>
>and this part works fine.
>
>When the 2nd servlet runs a few seconds later
>
>       if( _req.isRequestedSessionIdValid() ){
>          logManager.logMessage( "Requested session is valid" ) ;      
>       }else{
>          logManager.logMessage( "Requested session is not valid" ) ;  
>       }
>       HttpSession distributorSession = _req.getSession( false ) ;
>
>I always get a null session, and can't use a getValue() afterwards.
>
>       
>
>
>--
>--------------------------------------------------------------
>Please read the FAQ! <http://java.apache.org/faq/>
>To subscribe:        [EMAIL PROTECTED]
>To unsubscribe:      [EMAIL PROTECTED]
>Archives and Other:  <http://java.apache.org/main/mail.html>
>Problems?:           [EMAIL PROTECTED]
>
>

Ciao,
        Carsten Heyl

  Carsten Heyl                          [EMAIL PROTECTED]
  NADS - Solutions on Nets              http://www.nads.de/
  NADS GmbH                             http://www.pixelboxx.de/
  Hildebrandtstr. 4E                    Tel.: +49 211 933 02-90
D-40215 Duesseldorf                     Fax.: +49 211 933 02-93


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]
Re: Session vanishes thru firewall / works on intranet

Reply via email to
